정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

Similar documents
Addressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1

Automating Best Practices to Improve Design Quality

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

Intro to Proving Absence of Errors in C/C++ Code

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

Verification and Validation of High-Integrity Systems

Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

Generating Industry Standards Production C Code Using Embedded Coder

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

Verification and Test with Model-Based Design

From Design to Production

Guido Sandmann MathWorks GmbH. Michael Seibt Mentor Graphics GmbH ABSTRACT INTRODUCTION - WORKFLOW OVERVIEW

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

Standardkonforme Absicherung mit Model-Based Design

Utilisation des Méthodes Formelles Sur le code et sur les modèles

AUTOSAR design flow. Yoon-Jin Kim Application Engineer. July mentor.com/automotive

Experiences with AUTOSAR compliant Autocode generation using TargetLink

Static Analysis in C/C++ code with Polyspace

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

Virtualization of Heterogeneous Electronic Control Units Testing and Validating Car2X Communication

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

Model Based Development and Code Generation for Automotive Embedded Systems. April 26, 2017 Dr. Gergely Pintér, Dr. Máté Kovács thyssenkrupp Steering

AVS: A Test Suite for Automatically Generated Code

Automating Best Practices to Improve Design Quality

SystemDesk - EB tresos Studio - TargetLink Workflow Descriptions

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

A Model-Based Reference Workflow for the Development of Safety-Related Software

Engineering Your Software For Attack

AUTOSAR Software Design with PREEvision

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

Using Model-Based Design in conformance with safety standards

ISO meets AUTOSAR - First Lessons Learned Dr. Günther Heling

SafeRiver SME. Added Value Solutions for Embedded Systems. Tools for FuSa and Software Security. Packaged Services. CIR agreed

AUTOSAR Method. Webinar

Handling Challenges of Multi-Core Technology in Automotive Software Engineering

CERT C++ COMPLIANCE ENFORCEMENT

Increasing Design Confidence Model and Code Verification

Better than Hand Generating Highly Optimized Code using Simulink and Embedded Coder

Simulink for AUTOSAR: Best Practices

Automotive Software Security Testing

Increasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks

Coding Standards in FACE Conformance. John Thomas, Chris Edwards, and Shan Bhattacharya

IDE for medical device software development. Hyun-Do Lee, Field Application Engineer

Frequently Asked Questions. AUTOSAR C++14 Coding Guidelines

Coding Standards in FACE Conformance. John Thomas, Chris Edwards, and Shan Bhattacharya

Static Analysis of C++ Projects with CodeSonar

Simulink 를이용한 효율적인레거시코드 검증방안

Formal Verification of Models and Code Prashant Mathapati Application Engineer Polyspace & Model Verification

CTFL -Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

Introducing Hardware Security Modules to Embedded Systems

Taking the Right Turn with Safe and Modular Solutions for the Automotive Industry

Testing, Validating, and Verifying with Model-Based Design Phil Rottier

CERTIFICATION ISSUES IN AUTOMOTIVE SOFTWARE

2015 The MathWorks, Inc. 1

Tools and Methods for Validation and Verification as requested by ISO26262

Coverity Static Analysis Support for MISRA Coding Standards

Verification, Validation, and Test with Model-Based Design

Verification, Validation and Test in Model Based Design Manohar Reddy

Jay Abraham 1 MathWorks, Natick, MA, 01760

Virtual Hardware ECU How to Significantly Increase Your Testing Throughput!

AUTOSAR proofs to be THE automotive software platform for intelligent mobility

Certification Authorities Software Team (CAST) Position Paper CAST-25

Virtual Validation of Cyber Physical Systems

Automotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017

Procurement Language for Supply Chain Cyber Assurance

AstréeA From Research To Industry

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Riccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist

Automotive Networks Are New Busses and Gateways the Answer or Just Another Challenge? ESWEEK Panel Oct. 3, 2007

Preventing External Connected Devices From Compromising Vehicle Systems Vector Congress November 7, 2017 Novi, MI

Secure Product Design Lifecycle for Connected Vehicles

Evaluating Bug Finders

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Cyber Security and Vehicle Diagnostics. Mark Zachos DG Technologies

Software integration challenge multi-core experience from real world projects

Safety, Security, and Portability

Internet of Things Security standards

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

MASP Chapter on Safety and Security

Model-Based Design for Safety Critical Automotive Applications

Standardization for efficient testing of Automotive Ethernet ECUs

Better Regulatory Outcomes & the CASCO Toolbox

Introduction. Background. Document: WG 14/N1619. Text for comment WFW-1 of N1618

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

13W-AutoSPIN Automotive Cybersecurity

Create, Embed, Empower. Crevavi Technologies Company profile

10 th AUTOSAR Open Conference

Considerations in automotive embedded development Global Automotive Director Kiyo Uemura

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

Cybersecurity & Risks Analysis

Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

Practical approaches for re-architecture with benefits for AUTOSAR or non-autosar implementations Dave Hoadley Principle Pilot Engineer

Transcription:

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석 Develop high quality embedded software 이영준 Principal Application Engineer 2015 The MathWorks, Inc. 1

Agendas Unit-proving of AUTOSAR Component and Runtime error Secure Coding Standard and Polyspace MISRA-C:2012 Amendment 1 ISO 17961 CERT-C/C++ CWE 2

Unit-Proving of AUTOSAR Component And Runtime Error 3

What is AUTOSAR? The Automotive industry and its challenges Specifications OEMs objectives: Integration from different suppliers Need confidence in the supplier s code Supplier s challenge: Time-to-market Code size Pressure from OEMs Set up the supply chain OEMs (manufacturers) HMC BMW ARXML files Tier-1 (suppliers) Hyundai Bosch AUTOSAR solves by providing a software architecture and common specifications (ARXML files) Implementations Components providers (general and need to be calibrated to a specific vehicle) Need for validation of AUTOSAR components among actors 4

How Polyspace for AUTOSAR can help? Specifications 3 4 1) check for run-time errors and mismatch in the ARXML specifications 2) Check if implementation follow specifications OEMs ARXML files Tier-1 3) assess impact of changes in the specifications 2 1 4) check implementation against specifications updates Implementations ARXML files are used to communicate, Polyspace for AUTOSAR is used to prove robustness and compliance 5

Polyspace for AUTOSAR features Automatic split by component swca.c swca.h swcb.c Sound analysis Sound analysis plus checks to prove that the code matches the specification Back to specifications New view to detail the AUTOSAR specification ARXML Implementation (source files) polyspace-autosar SW-C1 SW-C2 SW-C3 Polyspace Automatic launching on each component Prove specs matching 6

Polyspace for AUTOSAR workflow Specifications ARXML files Implementation Simulink model Split the code in components as defined in ARXML Polyspace for AUTOSAR SW-C1 SW-C2 SW-C3 Perform a separate unit analysis of each component with Polyspace Free of run-time errors Checks that code of runnable respects its output specification Checks that code of runnable calls Rte functions in respect of their specification swca.c swca.h swcb.c 7

Polyspace and AUTOSAR ARXML AUTOSAR architecture ARXML provides specification of Application Layer and link with RTE Polyspace verifies the match between code and ARXML Application Layer Polyspace verifies the Application Layer RTE Polyspace stubs the RTE Layer RTE Layer not verified by Polyspace for AUTOSAR Polyspace can verify RTE Services Layer ECU Abstraction Layer Basic Software Microcontroller Abstraction Layer Complex Device Drivers Not verified by Polyspace for AUTOSAR Polyspace may verify these ECU Hardware 8

Unit verification of an AUTOSAR software component ARXML Runnable Runnable Runnable Calls the runnables as defined in specification ARXML provides specification of runnables: - Context of call - Output ARXML provides specification of Rte functions Component = set of runnable functions C code Runnable Rte functions Service / ECU Layers Verifies each runnable in isolation Checks that code of runnable respects its output specification Checks that code of runnable calls Rte functions in respect of their specification 9

Unit verification of an AUTOSAR software component Simulink model. Calls the runnables as defined in specification ARXML provides specification of runnables: - Context of call - Output. ARXML ARXML provides specification of Rte functions C code Runnable Rte functions Service / ECU Layers Checks that code of runnable respects its output specification Checks that code of runnable calls Rte functions in respect of their specification 10

Hand-Written Code based on ARXML Polyspace for AUTOSAR SWC 11

Generated Code From Simulink Model based on ARXML Polyspace for AUTOSAR SWC 12

Workflow Benefits Provide automatically the best configuration for Polyspace Detect inconsistencies between AUTOSAR specifications and code implementation Unit verification of AUTOSAR software components with Polyspace Sound analysis: proves that code respects the specification Static analysis: considers all potential cases 13

Secure Coding and Polyspace 14

Safety vs. Security Safety System issue Environment Security Environment attack System Note: Security issues may cause safety issues SAE J3061 15

Cybersecurity Industry Activities & Standards SAE Vehicle Cybersecurity Systems Engineering Committee SAE J3061 - Cybersecurity Guidebook for Cyber-Physical Vehicle Systems SAE J3101 - Requirements for Hardware-Protected Security for Ground Vehicle Applications (WIP) SAE Cybersecurity Assurance Testing Task Force (TEVEES18A1) Coding standards & practices that we observe at automotive customers - MISRA-C:2012 Amendment 1 - ISO/IEC TS 17961 C Secure Coding Rules - CERT-C / CERT-C++ - CWE Common Weakness Enumeration 16

ISO/IEC TS 17961 Compared with Other Standards Coding Standard C Standard Security Standard Safety Standard International Standard CWE None/all Yes No No N/A MISRA C:2004 C89 No Yes No No MISRA C:2012 C99 No Yes No No CERT C99 C99 Yes No No Yes CERT C11 C11 Yes Yes No Yes ISO/IEC TS 17961 C11 Yes No Yes Yes Whole Language Table is based on the book: 17

SEI CERT C Coding Standard This coding standard consists of rules and recommendations, collectively referred to as guidelines. Rules are meant to provide normative requirements for code, whereas Recommendations are meant to provide guidance that, when followed, should improve the safety, reliability, and security of software systems. 18

CERT-C Coverage with Polyspace You can map Polyspace results to CERT C rules and recommendations Using Polyspace results, you can address 103 CERT C rules (90%) and 95 CERT-C recommendations (50%) The CERT C website, under continuous development, lists 118 rules and 188 recommendations (Count based on The CERT C++ Coding Standard document, 2016 Edition) 19

CERT-C++ coverage with Polyspace You can map Polyspace results to CERT C++ rules Using the Polyspace results, you can address 34 CERT C++ rules (40%) and 79 CERT C rules that also apply to C++ (99%) The CERT C++ website, under continuous development, lists 163 rules including 80 CERT C rules that also apply to C++ (based on count in April 2018 in CERT-C++ web site) Two new arguments for option checkers in C++ mode (-lang CPP): CERT-rules (only CERT-C++ rules) and CERT-all (it includes also CERT-C rules that apply) 20

Completeness And Soundness From ISO 17961 False Negatives Failure to report a real flaw in the code is usually regarded as the most serious analysis error, as it may leave the user with a false sense of security. False Positives The tool reports a flaw when one does not exist. Polyspace Code Prover Polyspace Bug Finder 21

ISO/IEC TS 17961 C secure coding rules 22

ISO 17961 - C Secure Coding Rules The purpose of this Technical Specification is to specify analyzable secure coding rules that can be automatically enforced to detect security flaws in C-conforming applications. To be considered a security flaw, a software bug must be triggerable by the actions of a malicious user or attacker. 23

ISO 17961 - C Secure Coding Rules 24

Polyspace Bug Finder And Security Standard Well-know defects for unreliable code like buffer overflows, dead code Plus two categories: Security and Tainted data Security Standards CERT-C ISO-17961 (Full) MISRA-C 2012 (Full) CWE The mapping table between Polyspace Bug Finder and Security Standard MATLAB_INSTALL\polyspace\resources\Polyspace Results R2018b.xlsx 25

How does Polyspace help you with embedded software security? Detecting security vulnerabilities and underlying defects early Provides Exhaustive Documentation and recommendation for security fix Proving absence of certain critical vulnerabilities Complying with industry standards MISRA-C, CWE, CERT C, ISO 17961 26

Q & A 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback